Security Xss Types

security-xss

// Security - Cross Site Scripting - Types of XSS:

1. Reflected XSS: Reflected cross-site scripting occurs when a malicious input 
   is sent to a server and reflected back to the user on the response page. The 
   previous example of the search term in the URL was a good example of 
   reflected XSS. A malicious attacker sends a victim an email with a disguised 
   URL. In that URL one of the variables has an embedded script in it. When the 
   victim clicks on the URL, sending the request to the vulnerable server, that 
   variable and its malicious script get embedded in the returned page and execute 
   in the victim's browser, most often unbeknownst to the victim. 

   In the search example, the search term is not usually stored in the database, 
   but simply displayed on the screen; it is usually submitted via a GET 
   request and is part of the URL. Without proper protection on the server side, 
   the attacker can tweak the URL to perform a cross-site scripting attack, but 
   instead of attacking himself, the attacker can use a URL shortener service to 
   hide the attack. If the attacker can send the shortened URL to potential 
   victims somehow, perhaps via email or other means, and convince the potential 
   victims to click on the URL, the attack would have succeeded.

2. Stored XSS:  Stored XSS occurs when a malicious input is permanently stored 
   on a vulnerable server and reflected back to the user. This often occurs when 
   a malicious value can be stored in a database and retrieved, such as with a 
   forum post.

3. DOM-based XSS: DOM-based XSS is an attack where the malicious input is 
   reflected back to the user without ever reaching the server. This is very 
   similar to reflected XSS, but without the server involved. This is an 
   important distinction because many security products cannot catch this kind 
   of attack if the malicious input does not reach the server. This sort of XSS 
   often happens when JavaScript is used to take a user's input and re-render it 
   directly onto the page in some way.
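The search-term case from the reflected XSS section, as an added example that is not from the original page: the same response template built once by direct concatenation (the vulnerable form) and once with the term encoded for an HTML text context (the hardened form). The function names, the `q` parameter and the sample URL are assumptions made for this example.

```javascript
// Added example (not from the original page). Function names, the "q"
// parameter and the sample URL are assumptions chosen for illustration.

// The five characters that matter when inserting text into an HTML text context.
const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};

// Encode a value so a browser renders it as literal text, never as markup.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Pull the search term out of the request URL the way a reflected flow would.
function searchTermFromUrl(url) {
  return new URL(url).searchParams.get('q') ?? '';
}

// Vulnerable: the term is concatenated straight into the response body, so any
// markup the URL carried becomes part of the returned page.
function renderSearchHeadingUnsafe(term) {
  return `<h1>Results for: ${term}</h1>`;
}

// Hardened: same template, but the term is HTML-encoded before insertion.
// (In the DOM-based case, assigning element.textContent instead of innerHTML
// achieves the same effect in the browser without a manual encoder.)
function renderSearchHeadingSafe(term) {
  return `<h1>Results for: ${escapeHtml(term)}</h1>`;
}

// Constructed sample input: a harmless marker tag placed in the query string.
const SAMPLE_URL =
  'https://example.invalid/search?q=' +
  encodeURIComponent('<script>/*constructed*/</script>');

const sampleTerm = searchTermFromUrl(SAMPLE_URL);
console.log(renderSearchHeadingUnsafe(sampleTerm)); // tag lands in the page as markup
console.log(renderSearchHeadingSafe(sampleTerm));   // tag is shown as literal text
```

Encoding must match the context the value lands in; this encoder is correct for HTML text and attribute values, not for a JavaScript string or a URL.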

Unless otherwise stated, the content of this page is licensed under Creative Commons Attribution-ShareAlike 3.0 License